<?php
// Stop immediately when this file is requested directly: the guard only
// passes if BASEPATH was already defined by whatever included this file.
defined('BASEPATH') OR exit('No direct script access allowed');

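/**
 * Authen - cookie/session login helper used through the CodeIgniter super object.
 *
 * State written by writeAuthen() and read back by init():
 *   - cookie  "username" : the login name, in clear text (client-controlled).
 *   - session "password" : encrypt->encode(hashpass(password) . "XTCTX" . userid)
 *   - session "oklogin"  : the same encoded value.
 *
 * NOTE(review): the session holds a password-equivalent value (the stored hash
 * is what the database lookup compares against). How well that is protected
 * depends on the session storage and encryption key configuration, which this
 * file does not show - confirm both.
 */
class Authen {

	/** Marker placed between the password hash and the user id in the session value. */
	const SEPARATOR = "XTCTX";

	/**
	 * Read the current login state from the cookie and the session.
	 *
	 * @return array 'username' (cookie value, or whatever the input library
	 *               returns when the cookie is absent), 'password' (the text
	 *               before the separator in the decoded session value) and,
	 *               only when the separator was present, 'userid'.
	 */
	public function init()
	{
		$CI =& get_instance();
		$CI->load->library('session');
		$CI->load->helper('cookie');
		$CI->load->library('encrypt');

		$mem = array();

		// The username comes straight from a cookie, so it is attacker-controlled
		// and must be escaped/validated by every consumer.
		$mem['username'] = $CI->input->cookie('username');

		// The password hash and user id are stored together, encoded, in the session.
		$decoded = $CI->encrypt->decode($CI->session->userdata('password'));
		$parts   = explode(self::SEPARATOR, (string) $decoded);

		$mem['password'] = $parts[0];
		if (isset($parts[1])) {
			$mem['userid'] = $parts[1];
		}

		return $mem;
	}

	/**
	 * Hash a password the way the user table stores it.
	 *
	 * NOTE(review): this is unsalted-per-user MD5 with one application-wide
	 * suffix, which is cheap to brute-force if the table leaks. The algorithm is
	 * left unchanged here because the lookups in this class compare against
	 * hashes produced by it; moving to password_hash()/password_verify()
	 * needs a re-hash-on-login migration of the stored records.
	 *
	 * @param string $password clear-text password
	 * @return string 32-character hexadecimal MD5 digest
	 */
	public function hashpass($password)
	{
		return md5($password."BeYourCyberMember");
	}

	/**
	 * Check that the cookie/session credentials match a row with userstatus = 90.
	 *
	 * @return bool TRUE when a matching row exists, FALSE otherwise (including
	 *              on malformed session data or a failed query).
	 */
	public function checkauthen()
	{
		return $this->_credentialsMatch("userstatus = 90");
	}

	/**
	 * Check that the cookie/session credentials match an admin row (userrank = 90).
	 *
	 * @return bool TRUE when a matching row exists, FALSE otherwise (including
	 *              on malformed session data or a failed query).
	 */
	public function checkAdmin()
	{
		return $this->_credentialsMatch("userrank=90");
	}

	/**
	 * Store the login state for a user who has just authenticated.
	 *
	 * @param string $username login name, written to the "username" cookie
	 * @param string $password clear-text password; only its hash is stored
	 * @param mixed  $userid   user id, appended to the hash after the separator
	 * @return void
	 */
	public function writeAuthen($username, $password, $userid)
	{
		$CI =& get_instance();
		$CI->load->library('session');
		$CI->load->helper('cookie');
		$CI->load->library('encrypt');

		// Kept so that $CI->authen is registered after this call, as before.
		$CI->load->library('Authen');

		$payload     = $this->hashpass($password).self::SEPARATOR.$userid;
		$encryptpass = $CI->encrypt->encode($payload);

		$CI->session->set_userdata('password', $encryptpass);

		// NOTE(review): no secure/httponly attributes are requested here; whether
		// the framework applies any by default depends on its version and
		// configuration - confirm.
		$cookie = array(
			'name'   => 'username',
			'value'  => $username,
			'expire' => '86500'
		);
		set_cookie($cookie);

		$CI->session->set_userdata('oklogin', $encryptpass);
	}

	/**
	 * Clear the login state written by writeAuthen().
	 *
	 * @return void
	 */
	public function logout()
	{
		$CI =& get_instance();
		$CI->load->helper('cookie');
		$CI->load->library('session');

		$CI->session->unset_userdata('password');
		// writeAuthen() stores the same encoded credential under "oklogin";
		// leaving it behind would keep a password-equivalent value (and any
		// login flag derived from it) alive after logout.
		$CI->session->unset_userdata('oklogin');
		delete_cookie("username");
	}

	/**
	 * Shared lookup behind checkauthen() and checkAdmin().
	 *
	 * @param string $extraCondition fixed SQL condition appended to the WHERE
	 *                               clause; callers pass literals only, never
	 *                               request data.
	 * @return bool TRUE when at least one row matches
	 */
	private function _credentialsMatch($extraCondition)
	{
		$CI =& get_instance();
		// Kept so that $CI->authen is registered after this call, as before.
		$CI->load->library('Authen');
		$CI->load->library('Member');
		$cf     = $CI->member->memconfig();
		$member = $this->init();

		if (strlen((string) $member['username']) < 2 OR ! isset($member['userid'])) {
			return FALSE;
		}

		// The id is concatenated into the query unquoted, so accept digits only.
		// Previously a non-numeric value produced a SQL error (or worse).
		if ( ! ctype_digit((string) $member['userid'])) {
			return FALSE;
		}

		// Every string value is escaped against the active connection, including
		// the password taken from the session, which used to be inserted raw.
		$sql = "SELECT username FROM `".$cf['table_usersystem']."`"
			." WHERE username='".mysql_real_escape_string((string) $member['username'])."'"
			." AND password='".mysql_real_escape_string((string) $member['password'])."'"
			." AND id=".$member['userid']
			." AND ".$extraCondition;

		$result = mysql_query($sql);
		if ($result === FALSE) {
			// Fail closed and keep the database error in the server log instead of
			// printing it to the visitor.
			log_message('error', 'Authen: credential lookup failed: '.mysql_error());
			return FALSE;
		}

		return mysql_num_rows($result) > 0;
	}

}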

?>